Amendments to the Claims: 

Re-write the claims as set forth below. This listing of claims will replace all prior versions and 
listings, of claims in the application: 

Listing of Claims: 

1. (previously presented) A computer network security system having enforceable 
security policy provision comprising: 

means for providing variable security policy rule data for distribution to at least one 
network node; 

means, operatively coupled to the means for providing, for associating a digital signature 
of a central security policy rule data distribution source to the variable security policy rule data; 
means for storing the digital signature and the variable policy rule data; and 
network node means, operatively coupled to the storage means, for periodically obtaining 
the digital signature and the variable policy rule data from the means for storing, and not from a 
forwarded signed message, and for analyzing the variable policy rule data to facilitate unilateral 
security policy enforcement at a network node level. 

2. (original) The computer network system of claim 1 wherein the means for 
providing includes user interface means for facilitating selection of variable security policy rule 
data. 

3. (original) The computer network system of claim 1 wherein the means for 
providing provides the variable security policy rule data from a data file. 



4. (original) The computer network system of claim 1 wherein the means for 
providing variable security policy rule data facilitates selection of variable security policy rule 
data on a per network node basis for central policy definition for the at least one network node.

5. (original) The computer network system of claim 1 wherein the means for 
associating a digital signature of a central security policy rule data distribution source includes 
means for associating a digital signature to the variable policy rule data to create a policy 
certificate. 

6. (original) The computer network system of claim 1 wherein the network node 
means includes: 

means for storing variable policy rule data; and 

means, operatively coupled to the means for storing, for using policy rule analysis data to 
decode the variable policy rule data to facilitate security policy enforcement at a network node 
level. 

7. (original) The computer network system of claim 1 wherein the variable policy 
rule data includes at least security policy identification data and policy rule setting data. 

8. (original) The computer network system of claim 7 wherein the variable policy 
rule data includes policy rule prioritization data. 

9. (previously presented) The computer network system of claim 1 wherein the
variable policy rule data includes policy rule data on a per application basis for a plurality of 
software applications supported by at least one network node. 

10. (original) The computer network system of claim 1 wherein the means for storing 
the digital signature and the variable policy rule data stores a policy certificate for distribution to 
the network node under control of the network node. 

11. (original) The computer network system of claim 1 wherein the means for storing 
the digital signature and the variable policy rule data stores a policy certificate for distribution to 
the network nodes under control of the means for associating. 

12. (currently amended) A computer network security system having enforceable 
security policy provision comprising: 

means for storing variable security policy rule data for use by a network node; and 
means, operatively coupled to the means for storing, for securely providing the variable 
security policy rule data for distribution to at least one network node other than through a 
forwarded signed message to facilitate unilateral security policy enforcement at a network node 
level. 

from the means for storing, and not from a forwarded signed message,

13. (original) The computer network system of claim 12 including user interface
means for facilitating selection of variable security policy rule data for storage in the storage 
means. 

14. (original) The computer network system of claim 12 wherein the means for 
providing provides the variable security policy rule data from a data file. 

15. (original) The computer network system of claim 12 wherein the means for 
providing variable security policy rule data facilitates selection of variable security policy rule 
data on a per network node basis for central policy definition for the at least one network node. 

16. (previously presented) A method for providing enforceable security policy 
provisions comprising: 

providing variable security policy rule data for distribution to at least one network node; 
associating a digital signature of a central security policy rule data distribution source to 
the variable security policy rule data; 

storing the digital signature and the variable policy rule data; and 

periodically obtaining the digital signature and the variable policy rule data, not 
forwarded with a signed message, and analyzing the variable policy rule data to facilitate 
unilateral security policy enforcement. 

17. (original) The method of claim 16, wherein the step of providing variable 
security policy rule data includes facilitating selection of variable security policy rule data. 

18. (original) The method of claim 16, wherein providing variable security policy
rule data includes facilitating selection of variable security policy rule data on a per network 
node basis for policy definition for at least one network node. 

19. (original) The method of claim 16, wherein associating a digital signature of a 
central security policy rule data distribution source includes associating a digital signature to the 
variable policy rule data to create a policy certificate. 

20. (original) The method of claim 16, wherein the step of obtaining the digital 
signature and the variable policy rule data includes: 

storing variable policy rule data; 

storing policy rule analysis data for evaluating the policy rule data; and 
using the policy rule analysis data to decode the variable policy rule data to facilitate 
unilateral security policy enforcement at a network node level. 

21. (original) The method of claim 16, wherein the variable policy rule data includes 
at least security policy identification data, policy rule setting data and policy rule prioritization 
data. 

22. (original) The method of claim 16 wherein the variable policy rule data includes 
differing policy rule data for a plurality of software applications supported by at least one 
network node and wherein the at least one network node includes means for facilitating
cryptographic processing of data that is accessible by the plurality of software applications. 

23. (original) The method of claim 16, wherein storing the digital signature and the 
variable policy rule data includes storing a policy certificate for distribution to the network nodes 
under control of the network nodes. 

24. (original) The method of claim 16, wherein storing the digital signature and the 
variable policy rule data includes storing a policy certificate for distribution to the network nodes 
under control of a network server. 

25. (previously presented) A method for providing enforceable security policy 
provision comprising: 

storing variable policy rule data for use by a network node; and 

securely providing the variable security policy rule data for distribution to at least one 
network node other than through a forwarded signed message to facilitate unilateral security 
policy enforcement at a network node level. 

26. (original) The method of claim 25 including facilitating selection of variable
security policy rule data through a user interface. 

27. (original) The method of claim 25 wherein securely providing includes providing 
the variable security policy rule data from a data file. 

28. (original) The method of claim 25 wherein providing variable security policy rule
data includes facilitating selection of variable security policy rule data on a per network node 
basis for central policy definition for the at least one network node. 

29. (previously presented) A computer having enforceable security policy provision 
comprising: 

means for obtaining variable policy rule data from a central security policy rule data 
distribution source and not from a forwarded signed message; 

means, operatively coupled to the means for obtaining, for analyzing the variable policy 
rule data; and 

means, responsive to the means for analyzing the variable policy rule data, for facilitating 
unilateral security policy enforcement at a network node level based on the variable policy rule 
data. 

30. (original) The computer of claim 29 wherein the means for obtaining includes 
means for storing variable policy rule data, and wherein the means for analyzing the variable 
policy rule data includes means for storing policy rule analysis data for evaluating the policy rule 
data and means, operatively coupled to the means for storing and the means for storing policy 
rule analysis data, for using the policy rule analysis data to decode the variable policy rule data to 
facilitate security policy enforcement at a network node level. 

31. (original) The computer of claim 29 wherein the variable policy rule data 
includes differing policy rule data for a plurality of software applications supported by the 
computer and wherein the computer includes means for facilitating cryptographic processing of
data that is accessible by the plurality of software applications. 

32. (original) The computer of claim 29 wherein the variable policy rule data 
includes at least security policy identification data and policy rule setting data. 

33. (original) The computer of claim 29 wherein the variable policy rule data includes
policy rule prioritization data and wherein the means for periodically obtaining obtains a digital 
signature corresponding to the policy rule data. 

34. (previously presented) A storage medium for storing programming instructions 
that, when read by a processing unit, causes the processing unit to provide enforceable security 
policy provision, the storage medium comprising: 

first means for storing programming instructions that facilitate storing variable security 
policy rule data for use by a network node; and 

second means for storing programming instructions that facilitate providing the variable 
security policy rule data for distribution to at least one network node other than through a 
forwarded signed message to facilitate unilateral security policy enforcement at a network node 
level. 

35. (original) The storage medium of claim 34 wherein the first means for storing 
programming instructions stores programming instructions that, when read by a processing unit, 
causes the processing unit to facilitate selection of variable security policy rule data. 

36. (original) The storage medium of claim 34 wherein the first means for storing
programming instructions stores programming instructions that, when read by a processing unit, 
causes the processing unit to facilitate selection of variable security policy rule data on a per 
network node basis for policy definition for to at least one network node. 

37. (original) The storage medium of claim 34 wherein the first means for storing 
programming instructions stores programming instructions that, when read by a processing unit, 
causes the processing unit to associate a digital signature of a central security policy rule data 
distribution source by associating a digital signature to a policy rule data to create a policy 
certificate. 

38. (original) The storage medium of claim 37 wherein the first means for storing 
programming instructions stores programming instructions that, when read by a processing unit, 
causes the processing unit to store the variable policy rule data that includes at least security 
policy identification data and policy rule setting data. 

39. (previously presented) The system of Claim 1 wherein the central security policy 
rule data distribution source is a certification authority. 

40. (previously presented) The system of Claim 1 wherein the variable policy rule 
data includes policy rule data on a per node basis. 